Hello and welcome to GeekPolice.Net

My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

Please download Unhide by Grinler from [You must be registered and logged in to see this link.] and save it to your desktop.

Double click unhide.exe to run the tool.

It will take some time to go through all your files, so please be patient.

If this tool doesn't fix the problem, please let me know.

************************************************

Please download [You must be registered and logged in to see this link.] by Xplode onto your Desktop.

Please close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Delete.

Confirm each time with OK

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile in your reply.

You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*********************************************

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Full Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

Please save the log to a location you will remember.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Please download [You must be registered and logged in to see this link.] to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

Last edited by Superdave on 12th October 2013, 10:28 pm; edited 1 time in total

Hi Dave,

Thank you for your quick response. I ran the unhide.exe and the icons appeared but when I rebooted, like the program asked, they disappeared again. I then disabled Avast and re-ran the program, the same thing happened. I ran the adwcleaner through the task manager but when it reboots, the txt won't open and don't know how to find it.

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

Re-running ComboFix to remove infections:

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page for performing a scan.

Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.

When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.

Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.

Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.

Copy and paste the contents of these two log files in your next reply.

Click on to download the ESET Smart Installer. Save it to your desktop.

Double click on the icon on your desktop.

•Check

•Click the button.

•Accept any security warnings from your browser.

Leave the check mark next to Remove found threats.

•Check

•Push the Start button.

•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

•When the scan completes, push

•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

•Push the button.

•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

I rebooted and the icons weren't there. The only thing that makes them come up is if I run the combofix. Could something else be causing this action? Yesterday, after the blue screen, they started faster than I've ever seen them come up!! Ironic!

I did not create that folder, I don't even know what it is, how to or where to create it.

This morning when I started the computer, my monitors wouldn't show any activity not even the mouse, like they weren't connected. I had to reboot and then started working. Would I be having trouble with my video card?

I did not create that folder, I don't even know what it is, how to or where to create it.

Please go to [You must be registered and logged in to see this link.] (If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:

C:\Layers.scr

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

**********************************************

Would I be having trouble with my video card?

It could be something like that or the monitor itself. Do you have two monitors on that computer?

[You must be registered and logged in to see this link.] wrote: Dave, two days in a row I have started the computer with no problem. I will try it for few more days and let you know. I have to thank you for your patience and all the help you have given me.

Dave, so far so good with the icons and couldn't be happier but... I have an error with net framework visual studio 8. Don't know if it's important or not, I'm sending you the log, hopefully you can help.

Click OK on the Disk Cleanup Screen.

Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

**************************************

Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.] - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* [You must be registered and logged in to see this link.] from Spyware and Malware

* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.